Security researchers have identified a new Killdisk ransomware virus which is based on the original malware distributed by the Telebots hackers collective. To remove existing threats and protect your computer from malware continue reading our removal guide.
About The Killdisk Ransomware
The Killdisk ransomware is a very dangerous virus that has its origins from the Killdisk malware used by the Telebots hackers collective. The ransomware is created using the Python programming language and uses the Telegram API to communicate with the remote operators. During the analysis of the virus it was discovered that the individual virus samples contain unique tokens. This means that each infected host uses its own Telegram account to communicate with the hackers.
The Killdisk ransomware uses a very dangerous encryption engine to compromise the affected files. It targets the most widely used user data files. The virus can even affect files located on mounted network shares, removable devices and all local partitions. In addition each individual file is encrypted with its own private key and then another encryption layer is added.
The device owners are shown the following ransomware note:
We are so sorry, but the encryption
of your data has been succesfully completed,
so you can lose your data or
pay 222 btc to Q194RXqr5WzyNh9Jn3YLDGeBoJxJBigcF
with blockchain info
contact e-mail: email@example.com
When the virus is installed on the target system it also registers itself as a system service and it can terminate various processes.
How Does The Killdisk Ransomware Infect Computers
The Killdisk ransomware targets mainly industrial and high-profile victims. Some of the reports indicate that the criminal operators of the virus target mainly chemical plants located in Europe.
The malware is distributed mainly via software exploits and direct hacker attacks.
How To Remove The Killdisk Ransomware and Recover Affected Files
You can use a trusted anti-spyware solution to remove active infections and protect your computer .